-rwxr-xr-xcore/bearssl/build4
-rw-r--r--core/bearssl/checksums2
-rw-r--r--core/bearssl/patches/0001-Add-missing-return-in-client-single-EC-choose-functi.patch25
-rw-r--r--core/bearssl/patches/0002-Add-functions-to-retrieve-certificate-validity-perio.patch60
-rw-r--r--core/bearssl/sources2
5 files changed, 93 insertions, 0 deletions
diff --git a/core/bearssl/build b/core/bearssl/build
index 88cfba4f..0b40bffc 100755
--- a/core/bearssl/build
+++ b/core/bearssl/build
@@ -1,5 +1,9 @@
#!/bin/sh -e
+for patch in *.patch; do
+ patch -p1 < "$patch"
+done
+
kinstall() {
mkdir -p "${3%/*}"; cp "$2" "$3"
chmod "$1" "$3"
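Review bot: The new loop at the top of the script applies every file matching `*.patch` in the build directory, so the set of patches is decided by a glob, not by the two entries this commit pins in `sources` and `checksums`. If the upstream tree is unpacked into the same directory (not visible on this page) and ever ships a top-level `.patch` file, that file would be applied as well, without anyone having listed it. Naming the two files explicitly in the loop, e.g. `for patch in 0001-*.patch 0002-*.patch; do`, keeps what is applied tied to what was reviewed and checksummed. A short comment such as `# apply the local fixes listed in sources, in numeric order` would record that the ordering is intentional.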
diff --git a/core/bearssl/checksums b/core/bearssl/checksums
index d71b6ddc..cd6661bf 100644
--- a/core/bearssl/checksums
+++ b/core/bearssl/checksums
@@ -1 +1,3 @@
6705bba1714961b41a728dfc5debbe348d2966c117649392f8c8139efc83ff14 bearssl-0.6.tar.gz
+ad783bbbbb58bbdad66af299c5a0ea5389474a7d7256391673fe94e88f11fbef 0001-Add-missing-return-in-client-single-EC-choose-functi.patch
+414fd90fc27353ae3ca2478b68891715088de8b6cf6b81927ed8337df63f47e4 0002-Add-functions-to-retrieve-certificate-validity-perio.patch
diff --git a/core/bearssl/patches/0001-Add-missing-return-in-client-single-EC-choose-functi.patch b/core/bearssl/patches/0001-Add-missing-return-in-client-single-EC-choose-functi.patch
new file mode 100644
index 00000000..421bbc7f
--- /dev/null
+++ b/core/bearssl/patches/0001-Add-missing-return-in-client-single-EC-choose-functi.patch
@@ -0,0 +1,25 @@
+From a5c3ea02385205858128e414873a0150cd8bceda Mon Sep 17 00:00:00 2001
+From: Michael Forney <mforney@mforney.org>
+Date: Fri, 31 Jan 2020 15:11:32 -0800
+Subject: [PATCH] Add missing return in client single EC choose function
+
+Otherwise, static ECDH is never selected.
+---
+ src/ssl/ssl_ccert_single_ec.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/ssl/ssl_ccert_single_ec.c b/src/ssl/ssl_ccert_single_ec.c
+index 93ebcde..2e1e54f 100644
+--- a/src/ssl/ssl_ccert_single_ec.c
++++ b/src/ssl/ssl_ccert_single_ec.c
+@@ -69,6 +69,7 @@ cc_choose(const br_ssl_client_certificate_class **pctx,
+ choices->hash_id = -1;
+ choices->chain = zc->chain;
+ choices->chain_len = zc->chain_len;
++ return;
+ }
+ }
+
+--
+2.25.0
+
diff --git a/core/bearssl/patches/0002-Add-functions-to-retrieve-certificate-validity-perio.patch b/core/bearssl/patches/0002-Add-functions-to-retrieve-certificate-validity-perio.patch
new file mode 100644
index 00000000..8377da4d
--- /dev/null
+++ b/core/bearssl/patches/0002-Add-functions-to-retrieve-certificate-validity-perio.patch
@@ -0,0 +1,60 @@
+From 31fdee5b9d8fc63c850222768dcd097e43da0116 Mon Sep 17 00:00:00 2001
+From: Michael Forney <mforney@mforney.org>
+Date: Thu, 26 Mar 2020 14:17:19 -0700
+Subject: [PATCH] Add functions to retrieve certificate validity period from
+ br_x509_decoder.
+
+---
+ inc/bearssl_x509.h | 36 ++++++++++++++++++++++++++++++++++++
+ 1 file changed, 36 insertions(+)
+
+diff --git a/inc/bearssl_x509.h b/inc/bearssl_x509.h
+index 49d2fba..9d43e15 100644
+--- a/inc/bearssl_x509.h
++++ b/inc/bearssl_x509.h
+@@ -1045,6 +1045,42 @@ br_x509_decoder_last_error(br_x509_decoder_context *ctx)
+ return 0;
+ }
+
++/**
++ * \brief Get the time when the certificate becomes valid.
++ *
++ * The time is represented the same as in `br_x509_minimal_set_time()`.
++ * These values should not be read before decoding completed successfully.
++ *
++ * \param ctx X.509 decoder context.
++ * \param days receives the days since January 1st, 0 AD.
++ * \param seconds receives the seconds since midnight (0 to 86400).
++ */
++static inline void
++br_x509_decoder_get_notbefore(br_x509_decoder_context *ctx,
++ uint32_t *days, uint32_t *seconds)
++{
++ *days = ctx->notbefore_days;
++ *seconds = ctx->notbefore_seconds;
++}
++
++/**
++ * \brief Get the time when the certificate is no longer valid.
++ *
++ * The time is represented the same as in `br_x509_minimal_set_time()`.
++ * These values should not be read before decoding completed successfully.
++ *
++ * \param ctx X.509 decoder context.
++ * \param days receives the days since January 1st, 0 AD.
++ * \param seconds receives the seconds since midnight (0 to 86400).
++ */
++static inline void
++br_x509_decoder_get_notafter(br_x509_decoder_context *ctx,
++ uint32_t *days, uint32_t *seconds)
++{
++ *days = ctx->notafter_days;
++ *seconds = ctx->notafter_seconds;
++}
++
+ /**
+ * \brief Get the "isCA" flag from an X.509 decoder context.
+ *
+--
+2.26.0
+
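Review bot: Both new accessors, `br_x509_decoder_get_notbefore()` and `br_x509_decoder_get_notafter()`, copy the context fields unconditionally and return `void`, so a caller that reads them after a failed or unfinished decode gets values with no sign that they are meaningless. The doc comments say the values should not be read before decoding completed successfully, but not how to establish that. Since these values are likely to feed certificate-expiry decisions, I would add `Callers must first check that br_x509_decoder_last_error() returns 0.` to both comments. `ctx` is only read here, so `const br_x509_decoder_context *ctx` would state the contract more precisely, if that matches the neighbouring accessors, which are mostly outside this hunk.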
diff --git a/core/bearssl/sources b/core/bearssl/sources
index be5fb0ae..3d637087 100644
--- a/core/bearssl/sources
+++ b/core/bearssl/sources
@@ -1 +1,3 @@
https://bearssl.org/bearssl-0.6.tar.gz
+patches/0001-Add-missing-return-in-client-single-EC-choose-functi.patch
+patches/0002-Add-functions-to-retrieve-certificate-validity-perio.patch